bpf: Add a BPF helper for getting the IMA hash of an inode

Provide a wrapper function to get the IMA hash of an inode. This helper is useful in fingerprinting files (e.g executables on execution) and using these fingerprints in detections like an executable unlinking itself. Since the ima_inode_hash can sleep, it's only allowed for sleepable LSM hooks. Signed-off-by: KP Singh <kpsingh@google.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/bpf/20201124151210.1081188-3-kpsingh@chromium.org
author: KP Singh <kpsingh@google.com> 2020-11-24 15:12:09 +0000
committer: Daniel Borkmann <daniel@iogearbox.net> 2020-11-26 00:04:04 +0100
commit: 27672f0d280a3f286a410a8db2004f46ace72a17 (patch)
tree: 04cce21fa652d2576937ea9e0b8c6378c7d96062 /scripts
parent: 403319be5de51167cd70ddf594b76c95e6d26844 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/scripts/bpf_helpers_doc.py b/scripts/bpf_helpers_doc.py
index c5bc947a70ad..8b829748d488 100755
--- a/scripts/bpf_helpers_doc.py
+++ b/scripts/bpf_helpers_doc.py
@@ -436,6 +436,7 @@ class PrinterHelpers(Printer):
             'struct xdp_md',
             'struct path',
             'struct btf_ptr',
+            'struct inode',
     ]
     known_types = {
             '...',
@@ -480,6 +481,7 @@ class PrinterHelpers(Printer):
             'struct task_struct',
             'struct path',
             'struct btf_ptr',
+            'struct inode',
     }
     mapped_types = {
             'u8': '__u8',
author	KP Singh <kpsingh@google.com>	2020-11-24 15:12:09 +0000
committer	Daniel Borkmann <daniel@iogearbox.net>	2020-11-26 00:04:04 +0100
commit	27672f0d280a3f286a410a8db2004f46ace72a17 (patch)
tree	04cce21fa652d2576937ea9e0b8c6378c7d96062 /scripts
parent	403319be5de51167cd70ddf594b76c95e6d26844 (diff)